Commits · 9362c93ebc5b14bf18e82cdebf380ccc52f3d92f · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

23 Nov, 2016 2 commits

Remove old style NewSessionTicket from TLSv1.3 · 9362c93e

Matt Caswell authored Nov 08, 2016



TLSv1.3 has a NewSessionTicket message, but it is *completely* different to
the TLSv1.2 one and may as well have been called something else. This commit
removes the old style NewSessionTicket from TLSv1.3. We will have to add the
new style one back in later.

Reviewed-by: Rich Salz <rsalz@openssl.org>

9362c93e

Fix EXTMS error introduced by commit · 82c9c030

Matt Caswell authored Nov 22, 2016

Commit 94ed2c67

 dropped a ! operator by mistake, which causes extended
master secret connections to fail. This puts in back.

Reviewed-by: Richard Levitte <levitte@openssl.org>

82c9c030

22 Nov, 2016 1 commit
- Clarify what X509_NAME_online does with the given buffer and size · 19cb71ef
  Richard Levitte authored Nov 22, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1980)
```
  19cb71ef
21 Nov, 2016 3 commits

Add missing -zdelete for some linux arches · 55ab86e4

Kurt Roeckx authored Nov 21, 2016

b6d5ba1a

 forgot to update some linux arches.

Reviewed-by: Richard Levitte <levitte@openssl.org>

GH: #1977

55ab86e4

Skipping tests in evp_test leaks memory · 024d681e

Todd Short authored Nov 17, 2016



When configured with "no-mdc2 enable-crypto-mdebug" the evp_test
will leak memory due to skipped tests, and error out.

Also fix a skip condition

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1968)

024d681e

Make SSL_read and SSL_write return the old behaviour and document it. · beacb0f0
Kurt Roeckx authored Nov 15, 2016
```
This reverts commit 4880672a

.

Fixes: #1903

Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1931
```
beacb0f0

20 Nov, 2016 1 commit
- Add test to check EVP_PKEY method ordering. · 52fe14e6
  Dr. Stephen Henson authored Nov 19, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  52fe14e6
18 Nov, 2016 5 commits

Avoid warnings like unused enum value (as suggested by Rich Salz) · 7524c520

Robert Scheck authored Nov 18, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1945)

7524c520

Shift inside of switch back one level (code style change, as requested by Rich Salz) · 1d8a94fb

Robert Scheck authored Nov 17, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1945)

1d8a94fb

Add LMTP support (RFC 2033) to s_client ("-starttls lmtp") · 9576545a

Robert Scheck authored Nov 17, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1945)

9576545a

Use consistent variable names in example · 5defbe6f

Beat Bolli authored Nov 18, 2016



In the X509_NAME_get_index_by_NID.pod example, the initialized variable is called
"loc", but the one used in the for loop is called "lastpos". Make the names match.

CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1949)

5defbe6f

Update the location of the pod files · 663ece0f

Beat Bolli authored Nov 18, 2016

CLA: trivial
Since 99d63d46

 ("Move manpages to man[1357] structure.", 2016-10-26), the location
of the pod files has changed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1951)

663ece0f

17 Nov, 2016 23 commits

Fix name of "locked" variable · 0a3dce82

Kurt Roeckx authored Sep 03, 2016



It's called with 0 when it's already locked, with 1 when it's not.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1500

0a3dce82

Add support for reference counting using C11 atomics · 2f545ae4

Kurt Roeckx authored Aug 27, 2016



Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1500

2f545ae4

Support MSBLOB format if RC4 is disabled · b6c68982
Dr. Stephen Henson authored Nov 17, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
b6c68982

sha/asm/sha512-armv8.pl: fix big-endian support in __KERNEL__ case. · 32bbb62e

Andy Polyakov authored Nov 13, 2016



In non-__KERNEL__ context 32-bit-style __ARMEB__/__ARMEL__ macros were
set in arm_arch.h, which is shared between 32- and 64-bit builds. Since
it's not included in __KERNEL__ case, we have to adhere to official
64-bit pre-defines, __AARCH64EB__/__AARCH64EL__.

[If we are to share more code, it would need similar adjustment.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

32bbb62e

Fix missing SSL_IS_TLS13(s) usage · 657a43f6

Matt Caswell authored Nov 16, 2016



We should use the macro for testing if we are using TLSv1.3 rather than
checking s->version directly.

Reviewed-by: Rich Salz <rsalz@openssl.org>

657a43f6

Handle "int_ctx_new:unsupported algorithm" error · 86ff6cc6

Nicola Tuveri authored Oct 07, 2016



Calling EVP_PKEY_CTX_new_id(curve_NID, NULL) causes an error for most
curves that are implemented through the EC low-level API, and in the
last commit we call it for every curve to avoid treating X25519 as a
special case.

Last commit code already handles correctly this failure, but does not
remove these events from the thread error queue, thus some
false-positive warnings are printed at the end of execution.

This commit ensures that the error queue is clean, without flushing
other errors.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

86ff6cc6

Do not handle R_EC_X25519 as a special case · b756d694

Nicola Tuveri authored Oct 07, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

b756d694

Remove leftover KDF pointer · 79438087

Nicola Tuveri authored Oct 07, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

79438087

Use CRYPTO_memcmp for comparing derived secrets · 9bffdebc

Nicola Tuveri authored Oct 06, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

9bffdebc

Reintroduce preliminary sanity check in ECDH speed and remove further checks in the benchmark loop. · f7d984dd

Nicola Tuveri authored Oct 04, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

f7d984dd

Remove ECDH_EVP_derive_key wrapper function · db1dd936

Nicola Tuveri authored Oct 04, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

db1dd936

More coding style fixes · 2e4c3b5c

Nicola Tuveri authored Oct 04, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

2e4c3b5c

Run util/openssl-format-source against apps/speed.c · 29dd15b1

Nicola Tuveri authored Oct 04, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

29dd15b1

bugfix: calculate outlen for each curve · cc98e639

Nicola Tuveri authored Oct 04, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

cc98e639

Handle EVP_PKEY_derive errors and fix coding style issues · dfdd45f7

Nicola Tuveri authored Oct 04, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

dfdd45f7

Fix coding style and remove some stale code/comments · c29c7aad

Nicola Tuveri authored Oct 03, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

c29c7aad

Use EVP interface for ECDH in apps/speed.c · ed7377db

Nicola Tuveri authored Oct 03, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

ed7377db

Add conversion test for MSBLOB format. · d922634d
Dr. Stephen Henson authored Nov 16, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
d922634d
Make MSBLOB format work with dsa utility. · b3795987
Dr. Stephen Henson authored Nov 16, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
b3795987
Fix MSBLOB format with RSA. · 159f6e7e
Dr. Stephen Henson authored Nov 16, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
159f6e7e

Raise an error on memory alloc failure. · bad6b116

FdaSilvaYY authored Nov 10, 2016



Both strdup or malloc failure should raise à err.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1905)

bad6b116

Missing free item on push failure · 2d13250f

FdaSilvaYY authored Nov 11, 2016



Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1905)

2d13250f

Merge find-undoc-api into find-doc-nits · 71a8b855

Rich Salz authored Nov 13, 2016



Use \b on NOEXIST and EXPORT_VAR_AS_FUNC patterns as suggested by Andy.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1912)

71a8b855

16 Nov, 2016 5 commits

Move SCT_LIST_free definition into a more logical place · e1940e9f

Rob Percival authored Oct 19, 2016



This reflects its position in include/openssl/ct.h.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)

e1940e9f

Make sure things get deleted when test setup fails in ct_test.c · 765731a8

Rob Percival authored Oct 19, 2016



Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)

765731a8

Use valid signature in test_decode_tls_sct() · e2635c49

Rob Percival authored Oct 19, 2016



Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)

e2635c49

Pass a temporary pointer to o2i_SCT_signature from SCT_new_from_base64 · 73ccf3ca

Rob Percival authored Oct 19, 2016



Otherwise, |dec| gets moved past the end of the signature by
o2i_SCT_signature and then can't be correctly freed afterwards.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)

73ccf3ca

Subtract padding from outlen in ct_base64_decode · 70a06fc1

Rob Percival authored Oct 19, 2016



Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)

70a06fc1